ASA Firewall

Hi All

I am trying to enable SNMP on my ASA and get the following message;

WARNING: The UDP port 161 is in use by another feature. SNMP requests to the device will fail until the snmp-server listen-port command is configured to use a different port.

What feature is using this port?
Leedham2answers Asked:
 
Ernie Beek (Expert) Commented:
Do you happen to have that port forwarded already?
A sanitized config might be handy for us to have a look at :)
 
Leedham2answers (Author) Commented:
The config on this firewall is HUGE and it will take a while for me to modify it and make it safe for viewing.

We are not port forwarding that port number. I have configured the ASA to work on a different port number and it still ain't playing ball. When I do a packet trace it fails on step 5 (ACL_DROP). We allow IP outbound for the IP address of my machine, which is the box I am testing from. It is not a version mismatch and I know the password is correct.

Here is the config for SNMP;

snmp-server host inside 192.168.11.29 community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server listen-port 60111

This look good to you?
 
Ernie Beek (Expert) Commented:
Ok,
so the machine you're testing from is: 192.168.11.29, and you allowed port 60111 on the inside interface of the ASA.......
The packet trace looks like there is something being blocked nevertheless.
Does anything show up in the logging when trying to poll?
 
Leedham2answers (Author) Commented:
Bloody hell, you were right in your first reply. We are forwarding that port for our video conferencing systems. I have just removed that config and it started working. There must be a way around this? I tried configuring it to listen on another port and it was having none of it. Any ideas?

The points are yours :-)
 
Ernie Beek (Expert) Commented:
Well, thanks :)

Let's see what else we can do. As stated before:
so the machine you're testing from is: 192.168.11.29, and you allowed port 60111 on the inside interface of the ASA.......
The packet trace looks like there is something being blocked nevertheless.
Does anything show up in the logging when trying to poll?


Just to check ;)
 
Feroz Ahmed (Senior Network Engineer) Commented:
Hi,

There are 2 ports in SNMP: one is 161 and the other is 160. Port number 161 is used for UDP packets and port number 160 is used for TCP packets. UDP is defined as a connectionless port and TCP is defined as connection-oriented in network topology. By default, port 161 is used by UDP connections, which are connectionless, and to configure SNMP on TCP connections, which are connection-oriented, you will have to enable configure SNMP.
Question has a verified solution.
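
The cause found in this thread, a port forward already holding UDP 161 on the firewall's own interface address, can be checked for in a saved running config before SNMP is enabled. The Python below is an added example, not code from the thread or from Cisco: the sample config, object names and host addresses are constructed, and it assumes the forward is written as a pre-8.3 `static` or an 8.3+ object NAT line (twice NAT with service objects is not parsed).

```python
import re

# Constructed sample (not the poster's config); NAT object names and host IPs are invented.
SAMPLE_CONFIG = """\
object network VC-UNIT
 host 192.168.11.50
 nat (inside,outside) static interface service udp snmp snmp
object network VC-SIP
 host 192.168.11.51
 nat (inside,outside) static interface service udp sip sip
snmp-server host inside 192.168.11.29 community ***** version 2c
snmp-server listen-port 60111
"""

# The running config prints well-known ports by name; only the SNMP ones matter here.
PORT_NAMES = {"snmp": 161, "snmptrap": 162}
# Pre-8.3 static PAT: static (real,mapped) udp interface <mapped_port> <real_ip> <real_port>
STATIC_RE = re.compile(r"^static \((\S+?),(\S+?)\) udp interface (\S+) \S+ \S+")
# 8.3+ object NAT: nat (real,mapped) static interface service udp <real_port> <mapped_port>
OBJNAT_RE = re.compile(r"^nat \((\S+?),(\S+?)\) static interface service udp \S+ (\S+)")
LISTEN_RE = re.compile(r"^snmp-server listen-port (\d+)")

def to_port(token):
    """Map a port token (number or known name) to an int; unknown names give None."""
    return int(token) if token.isdigit() else PORT_NAMES.get(token.lower())

def find_snmp_port_conflicts(config_text):
    """Return (listen_port, conflicts). Each conflict is (line_no, interface, port, line)
    for a UDP forward on an interface address that uses 161 or the SNMP listen port."""
    listen_port = 161  # default when no listen-port line is configured
    forwards = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        listen = LISTEN_RE.match(line)
        if listen:
            listen_port = int(listen.group(1))
            continue
        m = STATIC_RE.match(line) or OBJNAT_RE.match(line)
        if m:
            forwards.append((line_no, m.group(2), to_port(m.group(3)), line))
    watched = {161, listen_port}
    return listen_port, [f for f in forwards if f[2] in watched]

if __name__ == "__main__":
    port, conflicts = find_snmp_port_conflicts(SAMPLE_CONFIG)
    print(f"SNMP listen port: {port}")
    for line_no, ifc, fwd_port, line in conflicts:
        print(f"line {line_no}: UDP {fwd_port} on '{ifc}' is forwarded: {line}")
```

Port 161 is always checked alongside the configured listen port, because the poster reported that moving the listen port alone did not restore polling while the forward was still in place.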
